Well well.. it certainly has been a while (again). Things have been very hectic for me lately. Encountered a lot of problems while I was graduating from college. Been stressing a lot at work too due too lack of motivation. Now I finally, after all this time, managed to graduate from college! I will be having my bachelors degree in computer science next week. And it gets even better..

I've always had in mind that someday I'll try to make a career out of IT security. Last year after doing my final presentation for my internship project at the navy, I received a contact card from the CEO of a security company here in the Netherlands. I just had it on my desk for ages, not contacting him because I still had some classes to finish at college.

So when I finally graduated from college, I've been really thinking about which career to pursue. Sure, software developing is interesting and rewarding. I've been doing that for a while now, and I've realized that it doesn't make me happy. Well, at least at this point its not what I want to be doing. I remember the thrills of the PWB course all too well. How easily the materials presented could hold my attention, and how rewarding it is to pwn a machine in the labs.

After giving it a lot of thought, I decided to go with IT security. I contacted the CEO and made an appointment to discuss the possibilities for me. Last Thursday I had my job interview, and it went very well.The overall vibe was very positive. We discussed some general security related topics, and how the company deals with them. Then after some time the CEO decided that it would be best to let me talk to an employee to see what I know.

Of course this made me slightly anxious, as I was sure he will test my knowledge and see if its enough. And considering I'm not that experienced, I thought it could still go any direction. I noticed that the most important aspect of being able to work there is creativity, while still being able to follow a strict set of procedures. The ability to think outside of the box, I'm sure we all heard of that lol.

Anyway, since they were curious about my hacking experience, I told them that I took the PWB course and I'm trying to get the OSCP certification. Unfortunately they weren't familiar with that, so I had to explain what it is. I've learned a lot during the PWB course, so I threw in some terms and told them what it means. Also that we had to do security assessments before during a college minor. I was then asked about my familiarity with tools like NMap and HTTP proxies.

Luckily, I had an answer to most things, and the interview continued in a positive manner. Later on it was emphasized that its important that I should be able to document properly, and that it would be a big part of my work. I don't have a problem with writing a lot of documentation / reports. I know it's important to properly present the findings of a penetration test in a report, and make it readable for multiple layers of the organization.

Then eventually we started wrapping things up, and as I expected, I was told that I'll be receiving a call soon with their decision. As I was walking back to the train station with a positive feeling, I started reflecting of what had just happened. Like, if I said the right things, hoping that I left a good impression. Still, I thought it could go either way.

I must have been too busy with my inner thoughts, as I didn't notice I got a missed call from the CEO when I was walking back to the train station. I quickly called him back, and was informed that I would be an asset to the team. He offered me a contract to work there as a Junior Security Engineer . I couldn't be happier really. I didn't think I would have a real job so soon.

So it seems like I'll be focusing entirely on hacking from now on. I have a lot of catching up to do, and a lot of new things to learn. I already scheduled my OSCP certification challenge retake for this month. I have every intention of getting my OSCP title, and I will not stop until It's mine I know it won't be easy, it will be damn frustrating!

I'm looking forward to being an active member of EH-Net again, and contribute where I can. See you guys around!

BillV wrote:You said this is a "security company" so will you be providing security services to other companies (as a consultant)? When do you start?

Yea, I will try to help the team with providing security services to organizations like banks etc. Mostly white box penetration testing, I believe. I've heard I'll be more like a fifth wheel or something, because I need to learn a lot and gain some experience. So I won't be that useful when I start, I guess.

I'll be starting the 1th of August, so I have plenty of time to prepare for OSCP. Though, it will be tough for me since I don't have access to the labs anymore. I'm considering getting some lab-time, but its a hard choice as I have a very small budget at the moment >_>. Now I'm doing some of the "Extra Mile" assignments..